Lawyers confirm that ‘general and blanket data retention is no longer possible’ in EU

The European Court of Justice (ECJ) ruling in April that the EU-wide Data Retention Directive (DRD), which required that all ISPs and communications providers keep data for at least 12 months, was invalid on the grounds that it ‘interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,’ has certainly put the cat among the pigeons.

EU member states have had to decide whether to repeal local implementation of the Directive, effectively ending their powers of mass surveillance, or to try and push through alternative legislation that will preserve their right to spy on everything their citizens do online or via phone.

Most have so far simply kept quiet and waited to see what other states will do, but the UK has forged ahead with the Data Retention Investigatory Powers (DRIP) bill, which was hurried through parliament with very little time for debate, and which effectively establishes the UK government’s right to demand that ISPs and telecommunications companies retain records of all phone calls, emails, Instant Messages, video chats and web pages visited, and that approved government agencies can access these records.

Home secretary Teresa May defended the bill, arguing that it merely confirmed existing government powers (i.e. those granted under local implementation of the DRD), and that,

‘If we delay we face the appalling prospect police operations will go dark, that trails will go cold, that terrorist plots will go undetected. If that happens, innocent lives may be lost.’

However, new evidence uncovered by an Austrian civil liberties group shows that EU lawyers viewed the ECJ ruling in April as a complete rejection of blanket data retention,

‘But civil liberties campaigners AK Vorrat have now obtained internal documents showing that at a recent closed meeting of EU Justice and Home Affairs ministers the Council’s Legal Services stated that paragraph 59 of the European Court of Justice’s ruling on the Data Retention Directive “suggests that general and blanket data retention is no longer possible”.’

Paragraph 59 of the ECJ ruling reads,

‘Moreover, whilst seeking to contribute to the fight against serious crime, Directive 2006/24 does not require any relationship between the data whose retention is provided for and a threat to public security and, in particular, it is not restricted to a retention in relation (i) to data pertaining to a particular time period and/or a particular geographical zone and/or to a circle of particular persons likely to be involved, in one way or another, in a serious crime, or (ii) to persons who could, for other reasons, contribute, by the retention of their data, to the prevention, detection or prosecution of serious offences.’

This new evidence that top EU lawyers consider excessive blanket surveillance to have been declared illegal by the ruling will likely (hopefully) be a blow to UK Prime Minister David Cameron’s DRIP plans, although with his promise of an EU membership referendum following the next election, who knows what will happen?